Merge "storage: fix idle-maint avc denials." into main
diff --git a/audio/common.mk b/audio/common.mk
index edf7b6a..a691f0a 100644
--- a/audio/common.mk
+++ b/audio/common.mk
@@ -3,8 +3,15 @@
#Audio Vendor libraries
PRODUCT_PACKAGES += \
libfvsam_prm_parser \
- libmahalcontroller \
+ libmahalcontroller
+
+ifeq ($(USE_MAM_V4_ABOVE),true)
+PRODUCT_PACKAGES += \
+ libMAM_Google_Pixel_Android
+else
+PRODUCT_PACKAGES += \
libAlgFx_HiFi3z
+endif
ifneq ($(USE_AUDIO_HAL_AIDL),true)
## AudioHAL Configurations
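Review bot: The `ifeq ($(USE_MAM_V4_ABOVE),true)` test is evaluated when this file is parsed, so a product makefile that sets the flag after including audio/common.mk silently gets the `libAlgFx_HiFi3z` branch. A one-line comment above the conditional would make the ordering requirement explicit, e.g. `# USE_MAM_V4_ABOVE must be set before this file is included; unset selects libAlgFx_HiFi3z`. Where the flag is defined is not visible in this hunk, so the include order should be confirmed for each product that sets it.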
diff --git a/bootctrl/aidl/BootControl.cpp b/bootctrl/aidl/BootControl.cpp
index 83deb72..8655929 100644
--- a/bootctrl/aidl/BootControl.cpp
+++ b/bootctrl/aidl/BootControl.cpp
@@ -384,7 +384,7 @@
*_aidl_return = true;
return ScopedAStatus::ok();
}
- if (in_slot >= slots)
+ if (in_slot < 0 || in_slot >= slots)
return ScopedAStatus::fromServiceSpecificErrorWithMessage(
INVALID_SLOT, (std::string("Invalid slot ") + std::to_string(in_slot)).c_str());
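Review bot: The early `return ScopedAStatus::ok();` in the context lines above the changed check runs before `in_slot` is validated, so whether a negative or out-of-range slot is rejected depends on a branch condition that lies outside this hunk. If that branch can be reached with an arbitrary caller-supplied `in_slot`, move `if (in_slot < 0 || in_slot >= slots)` ahead of it so INVALID_SLOT is returned consistently. Other methods in this file that take a slot index may still use the old `in_slot >= slots` form and would need the same lower bound; a small shared helper for the range check would keep them in step. The function body starts and ends outside the hunk, and the type of `slots` is not visible here.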
diff --git a/mediacodec/vpu/sepolicy/mediacodec_google.te b/mediacodec/vpu/sepolicy/mediacodec_google.te
index e0f5d7f..8022675 100644
--- a/mediacodec/vpu/sepolicy/mediacodec_google.te
+++ b/mediacodec/vpu/sepolicy/mediacodec_google.te
@@ -7,6 +7,8 @@
hal_client_domain(mediacodec_google, hal_graphics_allocator)
+add_service(mediacodec_google, eco_service)
+
allow mediacodec_google dmabuf_system_heap_device:chr_file r_file_perms;
allow mediacodec_google video_device:chr_file { read write open ioctl map };
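Review bot: `add_service(mediacodec_google, eco_service)` is added without a comment, and it grants more than lookup: the macro lets this domain register `eco_service` with servicemanager and normally carries a neverallow that stops any other domain from adding it. Because this domain parses untrusted media, a short rationale helps later audits, e.g. `# mediacodec_google hosts the ECO service; no other domain may register it` (adjust if the intent differs). Whether `eco_service` has a matching service_contexts entry is not visible in this hunk and should be confirmed.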
@@ -19,3 +21,11 @@
# https://android-developers.googleblog.com/2016/05/hardening-media-stack.html
neverallow mediacodec_google domain:{ udp_socket rawip_socket } *;
neverallow mediacodec_google { domain userdebug_or_eng(`-su') }:tcp_socket *;
+
+# Allow HAL to send trace packets to Perfetto
+userdebug_or_eng(`perfetto_producer(mediacodec_google)')
+
+userdebug_or_eng(`
+ allow mediacodec_google vendor_media_data_file:dir rw_dir_perms;
+ allow mediacodec_google vendor_media_data_file:file create_file_perms;
+')
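Review bot: The second `userdebug_or_eng` block grants `rw_dir_perms` and `create_file_perms` on `vendor_media_data_file` with no comment saying what the codec writes there, unlike the Perfetto rule directly above it. Keeping this debug-only is appropriate for a domain that handles untrusted media. A comment such as `# Debug builds only: codec HAL writes dump files under the vendor media data directory` (adjust to the real purpose) would record why and discourage later promotion to user builds. If only one subdirectory is needed, a dedicated file type would be narrower than the shared `vendor_media_data_file` label.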
diff --git a/modem/radio_ext/sepolicy/grilservice_app.te b/modem/radio_ext/sepolicy/grilservice_app.te
new file mode 100644
index 0000000..9bd8c8e
--- /dev/null
+++ b/modem/radio_ext/sepolicy/grilservice_app.te
@@ -0,0 +1,2 @@
+allow grilservice_app hal_radio_ext_service:service_manager find;
+binder_call(grilservice_app, hal_radio_ext)
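Review bot: This new file grants `grilservice_app` the `find` permission on `hal_radio_ext_service` and binder calls into `hal_radio_ext`, but it carries no comment and declares none of these types, so it only compiles when the declarations come from elsewhere in the policy. A header line such as `# grilservice_app is a client of the radio_ext HAL` would document the relationship. It is also worth confirming that the directory that declares `grilservice_app` is always built together with this one; that is not visible from the diff.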
diff --git a/storage/sepolicy/e2fs.te b/storage/sepolicy/e2fs.te
index c280cb7..464b4ce 100644
--- a/storage/sepolicy/e2fs.te
+++ b/storage/sepolicy/e2fs.te
@@ -1 +1,9 @@
+# fix mkfs
allow e2fs userdata_exp_block_device:blk_file rw_file_perms;
+allow e2fs efs_block_device:blk_file rw_file_perms;
+allow e2fs modem_userdata_block_device:blk_file rw_file_perms;
+allowxperm e2fs { persist_block_device efs_block_device modem_userdata_block_device }:blk_file ioctl {
+ BLKSECDISCARD BLKDISCARD BLKPBSZGET BLKDISCARDZEROES BLKROGET
+};
+allow e2fs sysfs_scsi_devices_0000:dir r_dir_perms;
+allow e2fs sysfs_scsi_devices_0000:file r_file_perms;
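Review bot: The `allowxperm` type set does not match the `allow` rules in this file: `persist_block_device` is given ioctl commands but no `allow e2fs persist_block_device:blk_file` rule is visible here, while `userdata_exp_block_device` has an allow rule but is absent from the set. An `allowxperm` only takes effect alongside an allow rule that includes `ioctl`, so confirm that the persist rule exists elsewhere, or drop that type. `BLKSECDISCARD` and `BLKDISCARD` on `efs_block_device` and `modem_userdata_block_device` are destructive, so if the logged denials involved only the query ioctls (`BLKPBSZGET`, `BLKROGET`, `BLKDISCARDZEROES`), the discard commands should be left out for those partitions. The `# fix mkfs` comment, and `# fix fsck` in storage/sepolicy/fsck.te, would be more useful if they named the denial being addressed, e.g. `# idle-maint: mkfs probes these partitions (avc denial, bug <id>)`.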
diff --git a/storage/sepolicy/fsck.te b/storage/sepolicy/fsck.te
index 2043199..88efb35 100644
--- a/storage/sepolicy/fsck.te
+++ b/storage/sepolicy/fsck.te
@@ -1 +1,6 @@
+# fix fsck
allow fsck userdata_exp_block_device:blk_file rw_file_perms;
+allow fsck efs_block_device:blk_file rw_file_perms;
+allow fsck modem_userdata_block_device:blk_file rw_file_perms;
+allow fsck sysfs_scsi_devices_0000:dir r_dir_perms;
+allow fsck sysfs_scsi_devices_0000:file r_file_perms;
diff --git a/touch/gti/ical/sepolicy/property.te b/touch/gti/ical/sepolicy/property.te
index 2a71d74..94fa3fc 100644
--- a/touch/gti/ical/sepolicy/property.te
+++ b/touch/gti/ical/sepolicy/property.te
@@ -1 +1,2 @@
system_public_prop(vendor_gti_prop)
+typeattribute vendor_gti_prop touch_property_type;
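Review bot: Attaching `touch_property_type` to `vendor_gti_prop` means every rule written against that attribute now also applies to this property, so the set of domains that can read or set it changes without appearing in this diff. The attribute's declaration and the rules that reference it are outside this hunk. It is worth listing which domains gain access and recording the reason in a comment, e.g. `# grouped with the other touch properties so <domain> can set it`.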